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Abstract 

There are a number of applied lambda-calculi in which terms and types are anno¬ 
tated with parameters denoting either locations or locations in machine memory. 
Such calculi have been designed with safe memory-management operations in mind. 

It is difficult to construct directly denotational models for existing calculi of this 
kind. We approach the problem differently, by starting from a class of mathematical 
models that describe some of the essential semantic properties intended in these 
calculi. In particular, disjointness conditions between regions (or locations) are 
implicit in many of the memory-management operations. 

Bunched polymorphism provides natural type-theoretic mechanisms for capturing 
the disjointness conditions in such models. We illustrate this by adding regions to 
the basic disjointness model of aX, the lambda-calculus associated to the logic of 
bunched implications. We show how both additive and multiplicative polymorphic 
quantifiers arise naturally in our models. A locations model is a special case. In 
order to relate this enterprise back to previous work on memory-management, we 
provide an example in which the model is refined and used to provide a denotational 
semantics for a language with explicit allocation and disposal of regions. 
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1 Introduction 

In recent years, there has been an upsurge of interest in the use of regions 
amongst the types, semantics and programming language communities. This 
interest can be traced back to the influential papers by Lucassen and Gifford 
[12] and Tofte and Talpin [25]. 

The system of [12] was designed to provide an analysis of side-effects in 
languages that combine functional and imperative programming. The side- 
effects were concerned with changes to machine state induced by evaluating 
expressions containing references. Regions were introduced to describe the 
area of store in which side-effects of expressions occur. This gave control 
over how the side-effects of various sub-expressions of some larger expression 
interact. Regions were taken to be infinite and references could be allocated, 
read and updated. In particular, references were always allocated within a 
specific, named region by the programmer. 

Most of the current work on regions is on type systems for memory- 
management. Such type systems are intended to be a way of recycling unused 
memory earlier than would be done by a garbage-collector and in such a way 
that it is easy to see when memory has been allocated and deallocated. A 
recent survey of region-based memory-management can be found in [10]. In 
common with the languages described there, our type systems enjoy the so- 
called region-safety property; that is, there are no accesses to unallocated or 
deallocated regions occur at run time. 

In [25], (almost) all values of an ML-like language are put in regions. This 
is done by a translation to a language in which expressions are annotated with 
region variables. The scopes of these region variables are then delimited by a 
certain kind of let expression. At runtime, these region variables are mapped 
to actual regions. For example, a value-creating program M is (roughly) 
translated into an annotated program letreg p in M' at p end, where M' is 
formed by suitably translating sub-expressions of M. When this is executed, 
first a region of memory (corresponding to p) is allocated, M' is evaluated 
(storing and retrieving values from p), then p is deallocated. Since letreg is 
the only construct for allocating and deallocating regions, a stack discipline 
for regions is enforced. An important part of this system is the existence of 
functions which are polymorphic in their region variables. 

Later, the alias type family of languages was developed — see Walker and 
Morrisett [28] — also with safe operations for memory-management in mind. 
The types in these systems typically contain location parameters. 

A key concept in this paper is that of location. For our present purposes, 
the principal properties that we need to capture are that a location is an 
indivisible part of machine memory and that values of arbitrary size may be 
stored at a location. Thus our conception of location is a (limited) abstraction 
of, for example, formulations in which large values are stored using multiple 
linked memory addresses. A region is simply a set of locations in machine 
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memory. Regions may overlap. Following, for example, [12], a reference is to 
a location within a specified region. Thus our characterization of locations 
and regions obtains at a level of abstraction similar to that of resources in 
the semantics of BI [18,17], the mathematical structure of which captures the 
view that the essential properties of resources at that level of abstraction are 
their composability and comparability. 

Region and location systems are usually presented together with a detailed 
operational semantics. These are often rather complicated, but various safety 
properties can nevertheless be verified. On the other hand, denotational mod¬ 
els of region and location languages are almost never presented — an exception 
is Banerjee, Heintze and Riecke [1]. Recently Morrisett, Ahmed and Fluet [13] 
have also taken some steps in that direction. We believe that mathematical 
models are no less important for these languages than they are for any other. 
The usual arguments for denotational semantics in terms of conceptual clarity, 
abstract correctness criteria and methods for proving equivalence of programs 
(possibly in different implementations or even languages) all hold in this set¬ 
ting; see Scott and Strachey [21], 

In this paper, we approach memory-management from a denotational view¬ 
point. We present techniques for building models of type-systems in which 
region and location parameters are present in types. The two key techniques 
are the use of bunched polymorphism and the construction of models that are 
indexed categories over a base of regions. 

The point of bunched polymorphism is to provide additive and multiplica¬ 
tive variants of polymorphic quantification within a single lambda-calculus. 
Theoretical aspects were studied in Collinson, Pym, and Robinson [3] . In that 
paper, a definition of categorical model was given. These consist of variants 
of hyperdoctrines for polymorphism [22] together with extra structure to in- 
tepret the multiplicatives. Thus the fibres of the underlying indexed category 
consist of doubly-closed categories, while the base has an additional monoidal 
structure to interpret the multiplicative combination of type variables. The 
monoid also supports a kind of weak projection and this enables one to define 
the functor that models the multiplicative quantifier as the right-adjoint to 
the induced substitution. Soundness and completeness theorems are given. A 
model based on partial equivalence relations was given: the indexed category 
has pairs of pers in the fibres. 

We are concerned herein with a simpler situation, in which we have region 
rather than type variables. This enables us to give a more concrete resource 
reading to the bunched polymorphic quantifiers. From a logical perspective 
this constitutes a step down from second-order propositional to second-order 
predicate quantification. In models such as those we present, the additive 
quantifier turns out to be ordinary second-order quantification: it says ‘for all 
predicates’ in the model. This gives a mechanism for treating region polymor¬ 
phic functions. The multiplicative quantifier also has an appealing and useful 
character. It may be read as saying ‘for all new predicates’, where ‘new’ means 
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disjoint from the predicates used to interpret the scope of the quantifier. We 
put this multiplicative quantifier to good use. 

Disjointness properties are crucial to the allocation and deallocation of 
regions. When a region is allocated, it is assumed that it is disjoint from all 
previously allocated regions. After a region is deallocated, there should be no 
use of any of its locations, and so it must be disjoint from all the regions used 
by the remainder of the computation. Implicit disjointness conditions between 
region variables may be captured using the syntax of bunched polymorphism. 
Similar comments apply to calculi with location variables. 

We present a method of constructing models (indexing over a certain cat¬ 
egory) which is quite general. The particular models we use as examples are 
constructed from the basic disjointness model (BDM) of O’Hearn [14] for a A, 
the lambda calculus associated with the bunched logic, BI, of O’Hearn and 
Pym [15,18]. The BDM is a relative both of Reynolds-Oles functor category 
semantics [16,19], and of the heap semantics of separation logic, see Reynolds 
[20]. In the BDM, types are denoted by variable sets (presheaves). These are 
sets parametrized by sets of machine locations. The way locations are used 
makes it an obvious setting to attempt regioning. The fact that it supports 
a\ helps to develop a language for references. 

As this is a first attempt to construct simple denotational models of regions 
we do not expect to retain all the useful properties of pre-existing region and 
location languages. 

We begin by presenting a modification of the bunched polymorphic lambda 
calculus introduced by Collinson, Pym, and Robinson [3]. We review the BDM 
and its notion of state. We define regions and the category of realms (bunches 
of region variables) which is fundamental to our appoach. As an example 
of a semantics we show how to construct an indexed category with fibres 
based on the BDM and indexing by realms. We describe the interpretation of 
additive and multiplicative quantifiers. We show how this specializes to the 
case of location variables. We give a suitable modification to the notion of 
BDM state. We develop the example in more depth by giving a programming 
language with allocation and deallocation of regions. In this language, based 
on Berdine and O’Hearn [2], only references are placed in regions. We refine 
the BDM with regions to give a semantics and show how it supports the 
allocation and deallocation of regions. 

We thank Josh Berdine and Peter O’Hearn for discussions and help with 
this work. In particular, their language and model in [2] is the starting point 
for our language and model for references in regions. Our models are also 
descended from the PER models of bunched polymorphism of our earlier joint 
work with Edmund Robinson [3]. Finally, we thank the anonymous referees for 
providing helpful comments in response to preliminary versions of this work. 
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2 Bunched Region Polymorphism 

The calculi we wish to treat in this paper have types containing region variables 
and contexts containing bunches of such variables. The set-up of these calculi 
follows our earlier treatment of bunched polymorphism [3] for type (rather 
than region) variables. The principal syntactic differences between these cases 
are in the polymorphic applications: region variables must be instantiated with 
regions, whereas type variables may be instantiated with more general types. 

This section presents the bunched polymorphic lambda-calculus that forms 
the essential functional core of all the type systems we will use in this paper. 
The calculus is based on the aA-calculus corresponding to BI, see [15,18]. 
Recall that this features contexts that are certain trees, called bunches, with 
ordinary variables at the leaves. We extend aX to a new calculus by adding a 
context zone for type variables that also contains bunches. 

The extension is orthogonal in the sense that the bunching in the two levels 
of variable are entirely independent. There are perfectly sensible calculi that 
are bunched in each, but not both, of the context zones. We have chosen a 
calculus with bunching at first-order in order to help us develop the language 
in Section 4. 

Assume a countable collection of region variables , written p, possibly with 
subscripts, superscripts, primes and a countable collection of (ordinary) vari¬ 
ables, written x,y,z. 

The types are generated by the grammar 

T:=T|/|pref|rAr|r*T|r^r|r^r| Vp.r | V*p.T , 

where p is a region variable. The operators T, A, —► and V are the additive 
unit, product, function space and polymorphic abstraction (universal quanti¬ 
fier), respectively. There are multiplicative operators for unit I, product *, 
function space —* and polymorphic abstraction V*. We allow the letters a,r 
to range over types. A region variable p is free in t if it is not bound by (in 
the scope of) a quantifier Vp or V*p. 

The type p ref introduces region variables into the type system. The idea 
is that a value with this type will be a reference to some location l in the 
region determined by p (in a suitable environment). For this first language, 
we are not assuming that the location holds some value. Consequently, we 
have none of the standard operations for references (dereference, update, allo¬ 
cation, disposal) or regions (allocation, disposal). These will be added when 
we elaborate the model in Section 4. Our initial aim is to investigate additive 
and multiplicative quantification over region variables and to build a simple 
set-theoretic model. 

A realm is a bunch of region variables. These are generated as follows 

B := 0 | p | B,B | B-B , 
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subject to the restriction that any region variable may occur at most once in 
a bunch. Let B (and variants with primes, subscripts and superscripts) range 
over realms. 

We write B b r and say the type r is well-formed over (the realm) B when 
every free region variable in r is present in B. In particular this means that 
the first-order formations for types (T, A, I, *, —*) take place over fixed 
realms. 

A context is a bunch of typed ordinary variables. These are generated by 

r : = 0 | 0 * | x: r | r,r | r ; r , 

with x a variable, r a type and so that any variable occurs at most once. We 
use the letters T and A for contexts. The units 0 and 0* are distinct from 
the unit 0 for realms. Write B b T, and say that the context T is well-formed 
over B, when B b r for each variable x : r in T. Our contexts are just the 
contexts of a\ over realms. 

Bunches can be regarded as trees with labelled nodes. Bunches are always 
subject to a pair of equivalence relations, see [18] and this applies to both our 
realms and our contexts. The first equivalence = on bunches is used to build 
structural rules that allow us to permute variables in realms or contexts. It 
is given by commutative monoid rules for , for and by a congruence to 
ensure that the monoid rules can be applied at arbitrary depth in any bunch. 
The second relation = is used to control contraction rules. The equivalence 
= on realms is simply renaming of type variables: B = B 1 if B' can be 
obtained from B by renaming bijectively with region variables. The relation 
T = A between contexts holds just when A can be obtained by relabelling the 
variables of the leaves of L in a type preserving way: any leaf x : r of L must 
correspond to a node y : r of A. 

A sub-bunch of a bunch B is a sub-tree B' such that all leaves of B' are 
leaves of B. Let B(Bi | ... | B n ) be the notation for a bunch (realm or 
context) B with distinct, distinguished sub-bunches Bi,... ,B n . The bunch 
B[B[/Bi,... B’ n /B n \ is formed by replacing each distinguished bunch B t in B 
with B[. We reiterate that variables may only occur once in a context and 
that type variables may only occur once in a realm. 

The terms of the language are given by the following grammar 

M := x | T | I | let I be M in M \ (M, M) \ n±M 

| 7 t 2 M | M * M | let (x, y) be M in M | Ax : t.M 
| app(M, M) | A*x : t.M | app*(M, M) \ A p.M 
| App(M, p) | A*p.M | App*(M, p) , 

where p is a region variable, r is a type, B is a realm and x is a variable. We 
use the letters M, N for terms. 
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We now attempt to convey the intended meanings behind our language — 
these will be made precise when we give denotations. A fundamental idea in 
this paper is to use the bunched structure of realms to keep track of assumed 
separation between interpretations of region variables. If two region variables 
are separated multiplicatively (by a comma) then they denote regions which 
do not overlap. On the other hand region variables separated additively may 
overlap. In this particular set-up, the parametrization by region variables 
enters the language through types p ref. This is intended to be the type of 
references to locations in p. The first-order types T, Ahave their 
standard disjointness readings, see [14] for example. A term M : Vp.r may be 
instantiated with any region to give term App(M, p) : r. Therefore we have 
an explicit form of region polymorphism. In contrast, a term M : V*p.r may 
be instantiated with any region that is disjoint from all others appearing free 
in M and r. This will enable us to type constants for region allocation and 
disposal in Section 4. 

Let FV (—) be the set of variables which are in a context (—) or free (not 
bound by a lambda abstraction) in a term (—). We use the notation FRY (—) 
for the set of region variables which occur free in a realm (—), type (—), 
the types of the variables in the context (—) or the type of the term (—), 
respectively. In a term App*(M, p), the type variable p is free. For each term 
M, let p(M) be the set of region variables that are free and that arise in this 
way in M, that is, that are used to instantiate a multiplicative quantifier in a 
subterm of M. 

The calculus produces (term formation) judgements of the form 
B \ Y \~ M : t , 

that a term M is well-typed with r, given the bunch of region variables B and 
the bunch of (ordinary) variables T. These judgements depend on the well- 
formedness of types and contexts over realms. The judgements are derived 
according to a system of rules, a representative fragment of which is shown 
in Figure 1. In addition to the rules shown, there are introduction and elim¬ 
ination rules for rules for additive (T) and multiplicative (I) units, additive 
(A) and multiplicative (*) conjunction, additive functions (—>■), contraction 
(■ C) and equivalence (E) for contexts. These may be found in [3]. All of the 
rules, other than the quantifier rules and the realm structural, use a fixed 
realm B. That is to say, they are essentially the familiar rules for a;A, but 
parametrized by the realm. Let the side-condition (ff) on (V/) and (V*/) be 
p ^ FRV (F). The elimination rules (A E), (*E), (—> E) and (-*#) are subject 
to the side-condition 


(f) p{N) n FRV(M) = 0 

that requires the separation of certain of the free region variables present. 
This side-condition makes substitution of terms M for variables x in terms 
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{Ax) 


i-^I) 


BVt 


B | x : r b x :t 

B | r, x : a h M : r 
5 I T h A*:r : a.M : cr —* 


5 | T(A) h M : r BhA' 
B | r(A;A') h M : r 


(W) 


^ B\r\~N:cr—*T B\A\~M:a, 
^ 5 | T,A b app* (IV, M):r 


, s B; p \ V \~ M : t , x 
^ B | T h Ap.M : Vp.r ^ 


B I r h Af : Vp.r 
5; p' I r h App(M, p') : t[p7p] 


, S,p|rhM:r , 

bJtVKpMA^t ^ 


(FW) 

{FC) 


B'\T\-M:r 


B I r h M : V*p.r 
S, p' I r h App*(M, p') : r[p'/p] 


(V*£) 


5(5') I r h M : r 

B{B\ \ B[) | r h M : r 
B(Si) I r^i/B'] h M[Si/B'] : tI-Bi/5'] 

Fig. 1. Term formations 


, Si I T h M : r 

(S^SO n/ p I . {FE) 


B' 1 \T\- M :r y 


( B ! = Si) 


A - an admissible rule over a fixed realm. However, this requires that none 
the regions used by M is used to instantiate a multiplicative quantifier in the 
formation of N. This makes sense since the region used to form a witness to 
such an instantiation may be required to be disjoint from those required for x, 
and therefore also M. The corresponding side-conditions on elimination rules 
are necessary since subject-reduction requires substitution. 

The reductions for this system consist of the reductions for aX together 
with the evident /ir/(-rules over a fixed realm, see [3] for details. The crucial 
metatheoretic properties ( i.e ., admissible substitution (cut), normalization, 
subject-reduction) of the system all hold: the proofs are simplifications of 
those from the type variable case. 

3 A Region Disjointness Model 

Models for a:A consist of cartesian doubly closed categories (CDCCs). An 
important model called the basic disjointness model (BDM) for aX, is given 
in [14]. This model is based on the category of sets together with a category of 
sets of machine locations called worlds. It is the simplest of a series of models 
for aA that explain the sharing interpretation of aX in terms of computations 
with machine memory as resource. 

In this section, we develop the BDM so that it supports bunched region 
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polymorphism. We call the new model the basic region disjointness model 
(BRDM). This is an indexed category, in which the objects of the base are 
realms. It is an instance of (a simplification of) the general categorical model 
in [3]. The BRDM may be understood, for the most part, without knowledge 
of indexed categories since most of the constructions are really just about 
families of sets and functions. 

3.1 The Basic Disjointness Model 

The construction in [14] begins with a given infinite set, Loc , of locations. A 
world is a finite set of locations. Let W = Vf(Loc) be the set of all worlds. 
This is also regarded as a discrete category under the same name. 

The BDM is based on the functor category Set w , where Set is the category 
of sets and functions. Objects are used to denote the types and morphisms 
the terms of a;A. 

The cartesian closed structure is given pointwise and this is used to in¬ 
terpret the additive product and function types. The other monoidal closed 
structure (used to interpret the multiplicative products and function types) is 
slightly more involved. A partial, binary operation * on W is defined by 

( VUW if R n IT = 0 

V *W = < 

I undefined otherwise 

for V, IT e W. For any world IT, let IT# be the family of worlds which 
are disjoint from W. Following [4,5], this leads to a tensor * on Set w . For 
A, B e Set w this is given by 

(A * B)W={{U , V, a, b) | a € AU, b e BV, U * V = W} 
at IT G W. The corresponding exponent has 

(A —* B)V = Yl {MW)=*B{V*W)) 
wev# 

at any world V 6 W, where =>- is the set-theoretic function space. This 
gives rise to the sharing interpretation of the multiplicatives: multiplicative 
pairs come from disjoint worlds; multiplicative functions take arguments from 
worlds disjoint from the one that the function uses. 

Interesting examples using the separation properties of multiplicatives are 
produced in [14] through the use of a type of stores. In order to do this we 
let L : W —» Set be the inclusion functor, so that LW = W is thought 
of as a set of locations. Let N : W —» Set be the constant functor to 
the natural numbers. Define a functor S = L — * (1 V (A - A Lj) using the 
evident pointwise operations. For some singleton {a} and any W e W, we 
have SW = W => ({a} + (N x IT)) . Then we may regard s £ SW as a 
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representation of the portion of store at world W : the element a represents the 
null pointer and every other location contains both an integer and a location. 

We now introduce some additional notation. Suppose W is any sub-family 
of W and t is a family of functors with t(U) E Set w for each U E W. Let 
Uuew f^ 6 pointwise lifting of the product. That is, 

(n t(u))v= n 

uew UeW 

for any V E W'. Write n u for both the U- th projection of flr/eW' an( l its 
pointwise lifting. 

3.2 Locations, Regions, and Realms 

Recall that a location is an indivisible part of memory — for this section, 
we do not store values — and that a region is a — for this section, finite — 
subset of the set of locations. In this particular model, a region is the same 
as a world. This will not always be the case, and it is useful to distinguish 
regions and worlds as they play different roles. 

For any function R : FRV(B) —> W, let 

RW = |j™ I P e FKV{B)} C Loc 

for any B t that is a sub-bunch of B. A (region) environment for the realm B 
is a function R : FRV(B) —> W such that, if (Bi, B 2 ) is a sub-bunch of B, 
then R[Bi\r\R[B 2 ] — 0. Notice that if, for example, (B\ ; B 2 ) is a sub-bunch of 
B , then Zt[Ri] nit[R 2 ] need not necessarily be empty. Let Locr = R[B] for any 
region environment R for B. Let REnv (B ) be the set of region environments 
of B. 

We now construct a category, Realms, with objects consisting of realms. 
Let A and B be realms, and let FRV(B) = {p\,, p' n }. A substitution 
(—)[pi/p'i,... -Pn/p'n] of variables from A for variables from B consists of 
pi,... ,p n (not necessarily distinct) drawn from A such that: if Bi,Bj is a 
sub-bunch of B , p\ is in B, and p) is in Bj then there is a sub-bunch A x , Aj 
of A with pi in Aj and pj in A y Note the special case if n = 0. An arrow in 
Realms from A to B is precisely a substitution of variables from A for vari¬ 
ables from B. The verification that this is a category is routine. Furthermore, 
this category has finite products and an additional monoidal structure. This 
monoid is in fact a pseudoproduct, as described in [3]. 

Let s : A —> B be a substitution. For any R E REnv {A), we may 
define the function R s : FRV(B) —>• W. If s = (—)\pi/p'i, ■ ■ ■ iPn/p ' r J fake 
R s (p’i) — R(pi), for 1 < i < n. This gives a function 

(—) s : REnv {A) —>• REnv(B) 

between region environments for different realms. 
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We may extend any region environment R for B so that for some fresh 
region variable p FRV ( B ) we have 

R u : FRV(B) U {p} — 


given by 


R u { Pi ) = 


R{pi) if Pi G FRV(B) 
U if pi = p 


for any chosen region U. Let R be a region environment for B. Then R u is 
an environment for B\p. If Loc R D U = 0, then R u is also an environment for 
B,p. 


3.3 The Indexed Category 

A semantic type over a realm B is just a function r : REnv(B) —> Set w . 
That is, it is a family of functors, indexed by region environments. A mor¬ 
phism / : r —l t' between semantic types is a family of arrows (natural 
transformations) 

{}r '■ T R *' T 'R) ReREnv(B) 

indexed by region environments for B. That is, it is a family of functions 
indexed by region environments and worlds. Lifting composition and identity 
pointwise from Set w gives a category F(B) of semantic types over B. For 
each realm B, the category P(B) is a CDCC, with the operations given by 
pointwise lifting from Set w . 

Given a substitution s : A —> B , define a functor P(s) — s* : P(B) — f. 
P{A ) as follows. Let r be a semantic type over B. Then 

s*{t){R) =r(R s ) 

where R e REnv(A). Given / : r —» t' over B we have s*(f) : s*(r) —I 
s*(t') given by a family of natural transformations 

«*(/)* = /«• = r(R s ) t’(R s ) 


where R e REnv( A). 

The assignments for s* make it a functor that preserves CDCC structure 
on-the-nose. The proofs of these facts are simple verifications from the defini¬ 
tions. In particular, the second follows from the pointwise nature of the defini¬ 
tion. Further calculation shows that P gives a functor P : Realms —» CDCC 
to the category of CDCCs and strict CDCC functors. 

There are substitutions for projections 7 t : B, a — > B and t/j : B, a — s B 
given by putting for any ctj in B. The functor n* : P(B ) —> P(B ; a) maps 
an object r G P(B) to the family n *(t)(R) = t(R\ F r V ( B )) indexed by R e 
REnv(B;a). An arrow / : r —> r' of P(B) is mapped to 7 r*(/) : 7 r*(r) — p 
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in P(B;a) given by the family n*(f) R = f\ FRV{B) ■ t(R\ frv[b) ) —♦ 
t '(R\f R v ( B )) indexed by R e REnv(B;a). The description of the functor 
if* : P(B) —*• P(B,a ) is identical to the description of 7r*, except that the 
families are now indexed by R £ REnv(B , a). 

3-4 Functors for Universal Quantifiers 

Define a functor II : P(B‘p ) —> P(B) for the additive quantifier as follows. 
Send an object r to II(r) with 

n(r )(R) = n t ( rU ) (1) 

uew 

where R is an environment for B. Given / : r —> r', assign 11(f) R : 
II(r)(i2) —> II(r / )(I?) indexed by R, <G REnv(B ), with component projec¬ 
tion 

n(/W = fa. O r u : n r(R u ) —> r\R U ) 

t/eW 

at each U e W. 

For the multiplicative quantifier we use the functor T : P(B, p) —> P(B). 
This sends an object r to ^ (r) with 

n ( 2 ) 

E/eiocfl# 

where R is an environment for B. The action of T on arrows is by a similar 
restriction of the indexing to regions disjoint from Loc R . 

Theorem 3.1 There are adjunctions n* H II and if* H \l/. 

The proof of the theorem is by unwinding the definitions of arrows in P(B ), 
P(B;p ) and P(B,p). For the additive, this shows that the family underlying 
an arrow 7 r*(r) —> r' boils down to the same thing as the family underlying 
an arrow r —> II(r / ). A similar proof gives the multiplicative case. 

The Beck-Chevalley condition is a standard property required of indexed 
categorical models of ordinary (additive) quantifiers. It must be checked ex¬ 
plicitly since the existence of the functors needed to model quantifiers does not 
necessarily guaranteee that it holds. From a logical point of view, the Beck- 
Chevalley condition says that quantification commutes with substitution: if 
we substitute after quantifying over p, it is the same as quantifying over p and 
then substituting. More information about the Beck-Chevalley condition can 
be found in [11], 

Proposition 3.2 The Beck-Chevalley condition for II holds. That is, for any 
s : A —> B, we have that 


no P(sx l) = P(s)oU 
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holds. A weak version of the Beck-Chevalley condition holds for 4/. For any 
s : A —> B, there is a bunch B' and an arrow s' : A —» B' such that 

w o s' — s 4/ o P(s' ® 1) = P(s') o 4/ 

both hold, where w : B' —> B is weakening. 

The full Beck-Chevalley condition does not hold for multiplicative quan¬ 
tification because of the disjointness condition on the indexing defining the 
action of the functor II. Intuitively, if we add a new type variable p' by weak¬ 
ening before quantifying over p then p' must be disjoint from p. This is not 
necessarily the case if we quantify over p and then weaken in p'. The weak 
Beck-Chevalley condition makes appropriate modifications to deal with these 
separation issues. 


3.5 Summary of the Model Structure 

The fact that we have a model of the calculus follows immediately from the 
categorical results above. Some comments on this are in order. 

Polymorphic types are interpreted using 


IBhV / ,.r](B) = n c , 6 wnfl t ') 

(3) 

[BhV.p.T](ii) = n c , 6 tarf r(fl' / ) 

where R 6 REnv(B), ¥ — [B;phr] and r = [P, p h r]. The interpretation 
of the additive quantifier is such that the quantified variable ranges over all 
regions. By contrast, for the multiplicative it ranges only over all fresh regions, 
that is, those that are disjoint from all others used in the interpretation of the 
type. This hints at a connection between polymorphism and (region) alloca¬ 
tion and disposal — something that has been suggested by several authors in 
the past. Teasing out the precise nature of this connection requires making 
some refinements to the model and careful, but relatively minor, changes to 
the calculus. This in done in Section 4. 

Terms are interpreted using the hyperdoctrine structure of P; see [3] . The 
CDCC structure of a fibre P(P) is reflected as the fixing of the realm in the 
first-order rules of Section 2. 

In this language the region variables enter the language through the types 
p ref. At this stage we do not develop examples directly using these types. 
However, in order to be definite interpret 


[P b p ref] PIT = 


{(} if {(} = W C R(p) 
0 otherwise 
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for any region environment R and world W. A similar choice is made and 
explained in Section 4. 

We obtain, with the interpretation of terms M given in [3], the following 
soundness property: 

Theorem 3.3 If B | T b M : r is provable, then there is an arrow [M] : 
\B b T] —■> \B b r] in the fibre over B. 

An alternative model exists in which worlds depend on realms. Let R be 
a region environment. A world, W, is environmentally friendly if W C Locr. 
Semantic types are defined as before, except that now, after being given a 
region environment, they accept only environmentally friendly worlds. This 
model provides functors to model both of the universal quantifiers. The mul¬ 
tiplicative turns out to be simpler than the additive. The additive no longer 
satisfies the Beck-Chevalley condition, so is not quite ordinary polymorphism. 
For this reason, we prefer not to insist that worlds are environmentally friendly. 
In the BRDM, and in Section 4, compatibility constraints between worlds and 
realms are in the interpretation of references rather than the structure. 

3.6 States for the BDM with Regions 

We could simply take the BDM states to give a notion of state that is constant 
at each realm. However, we can refine the notion of state in order to take full 
advantage of region structure. 

If B — Bi,B 2 or B = Bi,B 2 then write Ri = R\ B . = R\FRV(Bi) an d 
Wi = W n Locr v for W G W and i = 1, 2. From any function s with domain 
W, we define s, ; = to be the restriction to W t . 

Let R : FRV(B) —> W be a region environment for a realm B. Define 
the states functor at R, Sr : W —* Set , recursively on the structure of the 
underlying realm B\ 

• if 5 = 0 then S R W = {_L : 0 {a}} 

• if B = p then S R W = (W D R(p)) =■# {a} + (N x (W D R(p)) 

•if B = Bp, B 2 or Bi, B 2 then s € SrW iff s, 6 SrWi for both i = 1, 2, 
where {a} is any fixed one-element set. The set SrW is always contained in 
the function space (W D Locr ) =4* {a} + (N x (W D Locr )). 

The clause for p enforces the condition that any linked system of locations 
that intersects R{p) must be entirely contained within R(p). Notice that the 
condition s, : Wi —> {a} + (N x Wf) is guaranteed in the final of the three 
defining clauses, so that the store Sj is contained entirely within the region 
Wi. It is important to understand the difference between the final two parts of 
that third clause. In the case B = B \; B 2 , the worlds W\ and W 2 may overlap; 
therefore a location in W t may point to a location in W 3 for i j. In the case 
B = B \, B 2 , the worlds W\ and W 2 do not overlap, so no pointer in W % may 
see a location in Wj. A procedure with a state parameter s that is typed over 
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a realm B \, B 2 could be guaranteed to produce an output entirely contained 
in R[Bi] and so does not intersect R[B 2 \. If the argument over B 2 is not used 
again, then we may dispose of R[B 2 \. An example of this kind is given in [24], 
involving two lists, stored in separate regions, that are concatenated into one 
of those regions. 


3.1 The BDM with Singleton Regions 

The region model specializes easily to a location model: a model for a calculus 
with location variables rather than region variables. 

Location variables are intended to range over locations rather than regions. 
The language is just as before; only the interpretation changes. A reference 
x : p ref is intended to live at the location specified by p. This kind of type 
features extensively in some of the more highly-developed calculi for memory 
management — see for example [13,28]. 

We continue to use FRV (—), even though we now have location rather than 
region variables. We modify the notion of region environment to a location 
environment , which is a map R : FRV(B) —► Loc so that each location 
variable is associated to a unique location in an environment. In a location 
evnironment R with R(p) = l, a reference x : p ref lies at location l. 

Note that when two location variables are combined multiplicatively they 
must be mapped to distinct locations by location environments. Semantic 
types, the base category and the functors induced by substitutions are con¬ 
structed using the methods above. 

An environment R for B may be extended with a location l to an envi¬ 
ronment R l for B] p by taking R l (p,) = R{pi) if Pi G FRV(B) and R l {Pi) = l 
otherwise. This is also an environment for B,p when l ^ Locr. 

The functors II : P(B ; p) —■> P{B) and 4/ : P(B,p) —§• P(B) used to 
interpret the quantifiers act on suitable objects r as 

n(r)(fl) = n t T) nr)(R) = n t F) 

lELoc I^Locr 

where R is any location environment for B. That is 


[Bhv P .T](fl) = n KI «T(fl') 


(4) 


where R G REnv(B), r — [5; phr] and r = [ B , phr]. The additive is just 
ordinary quantification over individuals, whereas the multiplicative is a kind 
of fresh quantification: the quantified variable ranges over unused locations. 
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The interpretation of reference types is modified to be: 


[Bhp ref }RW = 


W 

0 


if W = {R(p)} 
otherwise 


for any location environment R and world W. 

In the next section, we develop a language for region allocation and disposal 
via multiplicative polymorphism in region variables. It should be possible to 
do a similar thing for allocation of individual references using multiplicative 
polymorphism in location variables, but we have not worked through all the 
consequences of this approach. 


4 Region Allocation and Disposal 

In this section, we refine both the BRDM and the bunched region calculus to 
show how it can be used to support region allocation and disposal. 

We introduce a bunched polymorphic region language with references, 
based on a first-order language given by Berdine and O’Hearn [2], This is 
a variant of the language for allocation, strong update and disposal of first- 
order references given in given in [2] . It is founded on the first-order bunched 
lambda-calculus a\ but, for technical reasons (related to the soundness of 
disposal), is formulated in continuation-passing-style (CPS). Their language 
has a denotational semantics on a version of the BDM, so it can be integrated 
neatly into our approach. 

We make no claims for the practical significance of our region language. 
Our primary aim is to show that denotational models that capture some of 
the most fundamental properties of region languages can be constructed using 
our methods. The fundamental extension to Berdine and O’Hearn’s language 
is the addition of bunched region polymorphism. 

Importantly, our language requires no new proof rules or reduction rela¬ 
tions, so changes to the metatheory from Section 2 are minimal. 

4-1 The Region Language 

The types, r, are generated from storable types , a : = T | int, as follows: 

t:=ct|/|tAt|t—*t| Vp.r | V*p.r | a | H (B, r) | (p, cr)ref 

where we use a new type constant a, and type constructors H and ref. 

A reference containing a value of type a and located in region p will be of 
type (p, a) ref. An inhabitant of H(B, r) is a continuation that takes heaps and 
the regions in B to produce values of type r. Thus the realm B in H (B, r) has 
similarities to the syntactic entitites known as effects in the typing judgements 
of the Tofte-Talpin system. The type a is used in types of continuations 
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0 : int 


succ : int —> int 


: ((p, o')ref * T) -»• (a -> H(B(p),a)) -> H (B(p), a) 

■=<t,b, p ■ ((p, cr )ref * T) —> cr — >• H(.B(p), a) —> H (B(p), a) 

■=a,a',B, P :(p,cr)ref^cT / ^((p,cT / )ref -* H(B(p),a)) -* H (B{p),a) 

new B:P : ((p, T)ref -* H (B(p), a)) H (B(p), a) 

free^p : (p, cr) ref — > H (B(p), a) -* H(B(p), a) 

newregion B : (V*p.H((S, p), a)) *=*#■ H(S,a) 

freeregion B : V*p.H(S, a) —>• H((S,p),a) 

Fig. 2. Region Allocation and Reference Constants 


H(B, a) to describe alterations to the heap through allocation, deallocation 
and strong update of references. A fundamental idea in [2] is that additive 
types H(B,a ) —► H(B,a) describe commands that do not alter the heap. In 
contrast, commands H(S, a) H (B, a) can make such changes. This tracks a 
similar idea for logical connectives in separation logic. 

As before, the well-formed types B b r are just those with FRV (r) C 
FRV(B). The contexts over a realm B are generated as before, subject to 
these new types. 

The well-formed terms are generated using the rules from Section 2 to¬ 
gether with families of constants as shown in Figure 2. The subscripts on the 
constants indicate the indexing families. These will usually be omitted. The 
newregion and freeregion constants are well-typed over any realm containing 
B. The new, free, !, := and := constants are well-typed over the realm B and 
context 0*. 

The zero and successor constants have their usual meanings. There are 
constants new and free for allocation and deallocation of individual references. 
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The constant ! is dereferencing, whilst := is type-preserving (weak) update of 
references. We also have := for type-changing (strong) update of references. 
Lastly, we have constants newregion and freeregion that allocate and dispose 
of entire regions. 

The way to get a handle on these constants is to look at associated derived 
rules for manipulation of references. For example, supposing we are given 
appropriate terms N and K with 

B\T\-N:a' B | A h K : (p, a')ref -* H(B, a) 

and the abbreviations 

n := (p, c^ref — xt'—> ((p, cr') ref -* H(B(p),a)) -* H(.B(p),a) 
r 2 := 0 -'-»((p, 0 -')ref -* H(J3(p),a)) -* H(£(p),a) 
r 3 := ((p, a ')ref -* H(B(p), a)) -* Ha) 

for types. Then, given a reference B \ T h M : (p, a) ref, we have a derivation 
as follows: 


B | T b := : n B \ V b M : (p, cr)ref : 

E | T h app(:=, M) : r 2 TV J_ 

-B | T I— app(app(:=, M), N) : t 3 iF 

| T, A h app„(app((app(:=, M), N ), iL) : H (B, a) 

and we normally abbreviate the root term as 

M:=N-K 

in order to have the program written in sequence. Notice that the terms 
M := N and K are combined multiplicatively, so (according to the sharing 
interpretation) use disjoint store. For this reason, the reference M : (p, a) ref 
may not be used in K. It is replaced by the reference of type (p, cr')ref which 
K expects. The meanings of the other constants may be revealed in the same 
way. They have been omitted for reasons of space and should not be too hard 
to reconstruct. See also [2] for similar derivations. 

Turning to the constants for region allocation and disposal there are de¬ 
rived rules 

B I r b M : V*p.H {(B', p), a) B \ T h M : H {B', a) 

B | T b newregion ; M : H(S', a) B, p \ T h freeregion p ; M : H((£?', p), a) 

for allocation and disposal of regions. Furthermore, we have a derived rule 

B,p | rh M : H((5',p),a) 

B | T b newregion ; A*p.M : H (B 1 , a) 
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provided the side-condition is met. 

These rules exhibit the close connection between quantification and alloca¬ 
tion and between instantiation and disposal. We could have used such proof 
rules directly to define region allocation and disposal. However, the proof 
rules for the multiplicative quantifier and their interpretations are sufficient 
to enable us to write these commands as constants. Since no special proof 
rules are needed, the new region calculus is just a straightforward, applied 
variant of the bunched polymorphic calculus. Changes to the metatheory are 
minimal. It remains to show that the new constants can all be interpreted in 
a suitable model. 

For newregion, the intention is that the new region will be given the name 
p and that this will be associated with a set of locations that is disjoint from 
those used for any prior part of M. The operation freeregion can be used 
whenever the region to be disposed is unused by the rest of the computation. 
Recall that for this kind of CPS expression there is a Hoare-like relationship 
where the context of the conclusion is the pre-condition and the context of 
the premise is the post-condition for the term in the conclusion. The realms 
in these derived rules are then seen to verify that our intentions for newregion 
and freeregion are met. 

As an example of a continuation we have 

newregion; A*p'. new; \*y : (p',T)ref.y := 42; A *z : (/?', int)ref. 
newregion; A*p. new; \*x : (p, int)ref.R; Xw : int.x := w, 
freeregion p'\x := 36;freeregion p;K : H(R,a) . 

The uses of in the term are abbreviations for applications of constants 
that are better read as concatenations of continuations. This (rather trivial) 
program opens a region p 1 , creates a new reference y in p', updates (strongly) 
the value in y to 42, opens another region p, creates a new integer reference x 
in p, updates x with the value held in y, frees p' (including y), updates x with 
the value 36, frees region p (including x) and continues with K. This example 
illustrates the fact that it is possible to open first one region then another, 
dispose the first and then the second. The safety of this is guaranteed by the 
typing. The reader can doubtless see that the derivation of such a term is 
rather cumbersome. In fact, in order to type this term we need to add further 
constants that encapsulate the equality [B h q * (cr At 2 )] = [Bh (ti Act) *t 2 ] 
that holds in the model (see also the constant hoist of [2]). We conjecture that 
it should be possible (with a fair bit of work) to write longer programs that 
make more interesting use of regions. 

4-2 A Model for the Region Language 

We combine the BRDM with the denotational model from [2] to give a model 
of the present language. 
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Since arbitrarily many references may be allocated using any one region 
variable we are forced to use a model in which all regions are assumed to be 
infinite. Let Inf Reg be the set of all countable subsets of Loc with count¬ 
able complement. The complement must be countable in order to support 
allocation of regions. 

Redefine a region environment R for a realm B to be a function R : 
FRV(B) —# InfReg such that Loc R has a countable complement and if p 
and p' are separated by a V hi B then R(p) fl R(p') = 0. Here, let Locr be 
the set of infinite regions U such that Locr U U has countable complement. 

A (typed) world is a finite partial function from locations to storable types. 
That is, it is a finite set of locations together with a store typing. For worlds v 
and w write v fl w = 0 when the domains of the two functions do not overlap. 
When this is the case write v U w for the partial function whose graph is the 
union of the graphs of v and w. Worlds constitute a partial commutative 
monoid Wld = (Loc ^ cr, 0, *) where 

{ vUw if v fl rw = 0 
undefined otherwise 

and 0 is the partial function with empty domain. In what follows, we also 
regard Wld as a discrete category. This induces a CDCC structure on Set wld , 
similar to that of the BDM, and following Day’s method [4,5]. 

A semantic type over a realm R, is a family r of functors rR : Wld —> Set 
indexed by R £ REnv(B). An arrow between semantic types is a family of 
natural transformations f R : tr —> t' r indexed by R e REnv(B). This gives 
a category P(B) which is a CDCC, since Set md is a CDCC. Furthermore, 
it extends to an indexed category over the category of realms, following the 
BRDM construction almost exactly. In particular, we recover the functors n 
and T used to interpret the additive and multiplicative universal quantifiers. 
However, note that the index U in (1) and (2) is now drawn from Locr rather 
than W. 

A storable value is an integer (of type int) or the unit (of type T). That 
is, they are values of some storable type. A heap is a finite partial function 
from locations to storeable values. Let [int]] be the set of integers and [T] be 
the one-element set T. 

Define 

H(R,w)= JI MO] 

l&dom(w)nLocR 

to be the set of heaps compatible with w and R for the realm B. Note the 
compatibility constraint relating worlds to regions. 

Interpret a type B F r as a function from region environments for B to 
objects of Set wld . The interpretation is specified in Figure 3, where {e} is a 
given singleton set, 2 = {0,1} is a given two-element set, =>- is the function 
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IB b int]itoy = Z {B b T]Rw = {T} {B b a]& = 2 

[5 b /]& = < 


{e} if W = 0 
0 otherwise 


[5 b (p, a)ref}Rw = 


{7} if w — [l : a] and l € R(p) 
0 otherwise 


\B b - 0 -] for Q = A, *, -* using the CDCC P(B) 
IB b H (B\t)\Rw = ( H{R',w ) =* \B' b t]R!w) 

IB b Vp.r] = n([S; p b r]) [5 b V.p.r] ^([B, p b r]) 

Fig. 3. Interpretation of CPS language 


space, R' = R\ B , and the cases using II and 'F expand as in (3) but with U 
drawn from the set Loc R rather than W. 

The motivations for our intepretations are very similar to those explained 
in [2]. In particular, interpretations of int, T, /, A, —►, * and —* are just the 
same. Notice how a continuation of type H (B,t) is interpreted as a function 
that takes heaps on the store (restricted to B ) to values of type r. In particu¬ 
lar, continuations in H(B, a) interrogate the heap (on B ) to provide Boolean 
answers. A fundamental idea in [2] is to try to get a type system that lies in 
a propositions-as-types correspondence with a variant of separation logic [20]. 
This, together with the regions, drives the interpretation of (p, cr)ref. Roughly 
speaking, we have x : (p, <r)ref corresponding to x i—► v, where v : a at location 
l in the heap on the singleton { l } (and also l is in the region p). 

The interpretation of terms other than the reference constants and region 
operators follows the pattern of interpretation from the BRDM. The interpre¬ 
tation of reference constants are modifications of the interpretations given in 
[2], In particular, the interpretation of new requires that the interpretations 
of region variables are infinite. In practice, finite regions would be sufficient: 
their size would be bounded above by the number of individual references 
allocated within them. 
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Consider the interpretation of newregion B . Now, for any suitable R and w, 

IB b V*p.H((£,p),a)]ithu 
= ^lB,p\-H((B,p),a)}Rw 

— nu£iocR#r\L^(H(R U 1 w ) == ' > 2) 

holds. Selecting any region U G Locr # fl Locr we have a projection func¬ 
tion tt u : {B b \f m p.H((B, p),a)jRw —> ( H(R u ,w ) 2). There are 

functions F RjUtW '■ ( H(R u ,w ) =>- 2) —# ( H(R,w ) -=$• 2) such that for 
k : H(R u ,w ) —» 2 and h € H(R,w), we have F R!UtW (k)(h) = k(h'), where 
h'(l) — h(l) if l G Locr, otherwise h/(Z) = 0 if iu(Z) = int or h'(l) = T if w{l) = 
T. This gives F r , UjW o n u : {B h V*p.H((jB, p), —^[Bh H(S,a)]i?w. 

To get the required arrow over [5], for each R and w select some such U and 
use the functions Fr !U>w o n u . Note that we needed that Locr has a countable 
complement, but that it then follows that Loc r u has countable complement 
so we may use newregion again. 

Now consider the interpretation of a term freeregion B . We need an arrow 
\B b 0]] —> \B b V*p.H(S, a) —► H((5, p), a)]] over B. This is given using for 
all R and w and U G locR#r\Loc R the functions Gjj,r, w ’■ ( H(R , w) 2) —* 
(. H(R u ,w) 2) with G UiR>w (k)(h) = k(h'), where k G H(R,w) =£* 2, 

h G H(R u ,w) and h! = h \ LoCr ,. 

Notice how the semantics of newregion and freeregion extend and restrict, 
respctively, the part of the heap that may be used. 

Finally, we remark that, with appropriate interpretations of the remaining 
constants, the soundness property (Theorem 3.3) carries over to this setting. 

5 Conclusions and Comparisons 

There are many possible avenues which have been left unexplored. Some 
region calculi allow for region (location) constants that may be substituted 
for region (location) variables: our model could be modified to support this 
by altering the definition of substitution between realms. In [14], the BDM 
is refined in various ways, making it possible to give semantics to languages 
with more complex features, including recursion. Similar steps could be taken 
with this model. At present our model only allows very simple references, 
following [2], This should be extended to treat references to other values, 
such as functions and references. 

An alternative way to handle allocation and deallocation of individual ref¬ 
erences would be to type references using location rather than region variables 
and to make appropriate changes to the constants and the model. 

The relationship between the languages we have presented and previous 
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region and location languages remains to be clarified. Our reference language 
is in CPS and only puts references in regions. In contrast, the language in [25] 
is in direct style but has effect labellings on types and puts almost all values 
in regions. It may be worthwhile to see whether other region languages, such 
as the linearly typed languages described in [6,13,27,28,29] and the type-and- 
effect systems described in [9,12,25], can be given a denotational semantics by 
translating them into ours. This would also give a measure of the expressive¬ 
ness of our language relative to others. 

In most region (and location) systems, the regions obey a stack discipline. 
In contrast, our system does not require this: we may interleave allocations 
and disposals at will and the disjointness conditions implicit in the types will 
give a static guarantee of soundness. In some situations this could allow for a 
more efficient recycling of memory. A number of other authors have been led 
to consider typed region calculi of this kind, for example [6,9]. 

Bunched existential quantifiers are given in [3] and could be exploited in 
region models. An extreme form of the multiplicative existential, that hides 
all of the regions used to form the representation type, has some similarities to 
the region function closures of [25] and could also be used to describe abstract 
data-types with encapsulated state. 

It may not be unreasonable to expect some relationship between the mul¬ 
tiplicative quantifier in (4) and the freshness quantifiers of [7]. 

We remind the reader that bunched polymorphism and first-order bunching 
are independent. Both happen to be supported by the BRDM, but the use 
of bunched polymorphism together with the category of realms should be 
regarded as a general technique for building models of languages with region 
and location parameters. 
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